Tuesday 29 October 2024

Ultimate Ansible Interview Guide: 30 Advanced Questions and Solutions

 Ansible is a configuration management tools and it comes under continues delivery / deployment in DevOps Lifecycle

Here are few important Ansible questions and answers which will help you to crack interview easily. I have tried to cover all the important questions and Answers

Sunday 1 September 2024

Understanding Sealed Class in Java and its use-case


Introduction to Sealed Class and Interfaces

Sealed Class in Java are used to allow / permit specific named Class which can extend the Sealed Class. 
With Sealed Class, we can say that Class A can only be extended by Class B and Class C and not any other class, thus limiting who can extend a particular Java Class



Detailed Explanation and use-case

Let's start with a very simple example. Consider we are creating a base class name Animal which implements basic feature of animal like walking, running etc
Now, We want few classes to extend Animal class like Cat, Dog, Lion, Tiger etc which we can do it easily and implement specific respective feature
Since this Animal Class can be extended by any class, someone can accidentally extend Animal class for Pigeon too which is not correct
 In other words, Sealed Class / Interface permits (or restricts) which all Class / Interface can use them. It prevents misuse of Java Class / Interface

Advantage and Disadvantage of using Sealed Class

Lets discuss Advantage first

Advantage of Sealed Class and Interface:

  • The developer of Sealed Class can manage who can use / or whose code can implement it
  • If we compare with access modifier, Sealed Class provide a more declarative way to restrict use of super class
  • Sealed Class and its permitted sub-class can be used as Pattern Matching using Switch statement

Disadvantage of Sealed Class and Interface

  • If not properly designed / thought about its all permitted sub-class, need to revisit code of super class to add more permitted sub-class
  • In few use-cases, unit testing would be difficult
  • Permitted class uses cannot be detected at compile time, so if it has been used and its not in list of permitted sub-class, it cannot throw compile time error
  • Limitation of usage of permitted sub-class within same module only

How to declare Sealed Class:

Sealed class can be declared with using the keyword sealed along with its permit sub-classes with keyword permits

Example of How to create Sealed Classes:

package com.tech693.java.examples.seal;

public sealed class Animal permits Cat, Dog {

    public void getIdentity(){

        System.out.println("Animal");
    }
}

Notice the sealed and permits keywords. Its mandatory to declare one sub-class using permits keyword when using sealed. 
By this we are declaring that only Cat and Dog sub-class can extend the Animal class and no other class is allowed to extend Animal class
Now, lets see how to create Cat and Dog class

Example of how to create Sealed sub-class:

package com.tech693.java.example.seal;

// Pls note its mandatory to declare sub class as either sealed or non-sealed or final
public non-sealed class Cat extends Animal { 
    
    public void getIdentity(){
        System.out.println("Cat");
    }    
}

package com.tech693.java.example.seal;

// Pls note its mandatory to declare sub class as either sealed or non-sealed or final
public final class Dog extends Animal {
    
    public void getIdentity(){
    System.out.println("Dog");
    }  
}

Also, the sub-class should directly extend the sealed class.
for eg.  Suppose, A is a sealed class which permits B to extend it and B is also a sealed class that permits C. In this scenario C cannot directly extend A

Its mandatory to declare sub class as either sealed or non-sealed or final which has different relevance
  • Sub-class as Sealed: - Can only be further extended by sub-class permitted class
  • Sub-class as final :- Cannot be further extended
  • Sub-class as non-sealed - Can be extended further by any class
    • The idea to have non-sealed is to know the developer that it extends the sealed class and is not accidently allowing further extended by its sub-class
Now lets run the above code using Main class as shown below:
package com.tech693.java.example.seal;

public class SealedClassExample {
    public static void main(String[] args) {
        Animal animal = new Cat();
        animal.getIdentity();

        Animal animal1 = new Dog();
        animal1.getIdentity();
    }
}

Output

So when Animal class is declared as cat, it will print Cat when getIdentity() is called

Here is the output of the above code :

Output:

Cat
Dog

Sealed Interface:

Sealed interface acts similarly as Sealed Class. The only difference is the difference between abstract class and interface (we have have some business logic code in abstract class but cannot have it in interface)

Sealed Interface Example:

Let's see some code example of implementing sealed as Interface
package com.tech693.java.examples.seal;

public sealed interface Animal permits Cat, Dog {

    public void getIdentity(){}
}

package com.tech693.java.example.seal;

// Pls note its mandatory to declare sub class as either sealed or non-sealed or final
public non-sealed class Cat implements Animal { 
    
    public void getIdentity(){
        System.out.println("Cat");
    }    
}

package com.tech693.java.example.seal;

// Pls note its mandatory to declare sub class as either sealed or non-sealed or final
public final class Dog implements Animal {
    
    public void getIdentity(){
    System.out.println("Dog");
    }  
}


Till now we have got the basic idea about Sealed Classes and its permitted sub-class.

Lets understand further in more depth about its use-case and how Java implemented Sealed class

Record class as permitted subclasses of a Sealed Class

Since Record class are implicitly final we can use record class in the permits clause of a Sealed Class or Interface
Here is an example of Record class as subclasses of a sealed class

package com.example.records.expressions;

sealed interface Expr permits ConstantExpr, PlusExpr, TimesExpr, NegExpr {
    public int eval();
}

record ConstantExpr(int i) implements Expr {
    public int eval() { return i(); }
}

record PlusExpr(Expr a, Expr b) implements Expr {
    public int eval() { return a.eval() + b.eval(); }
}

record TimesExpr(Expr a, Expr b) implements Expr {
    public int eval() { return a.eval() * b.eval(); }
}

record NegExpr(Expr e) implements Expr {
    public int eval() { return -e.eval(); }
}
Note that we haven't declare any modifier (final, non-sealed or sealed) to sub-class. This is because Record class are final by default.

Design considerations when using Sealed Classes and Interfaces

We should keep in mind following consideration while designing Sealed Classes or Interface
  • Design Decision - We should carefully consider which class should be declared sealed before start implementing only. Sealed class / interface consideration often results in tightly coupled design instead of loosely coupled
  • Backward Compatibility - If we plan to use sealing class, it can impact backward compatibility. Adding new permitted sub-class in future release can break existing code that depends on the sealed API
  • Package / Module Arrangement - We should carefully construct Java Module / Package structure when used sealed classes or interface as the scope of sealed class and its permitted sub-class is scoped under a single module.

Sealed Class as Pattern Matching case:

This is very important to understand. The introduction of Sealed class in Java opens up a new paradigm of using Permitted classes as Pattern Matching in switch case
Let's first understand how Sealed Class is implemented in JDK. 
Although sealed is a class modifier, there is no ACC_SEALED flag in the ClassFile structure. Instead, the class file of a sealed class has a PermittedSubclasses attribute which implicitly indicates the sealed modifier and explicitly specifies the permitted subclasses:

PermittedSubclasses_attribute {
    u2 attribute_name_index;
    u4 attribute_length;
    u2 number_of_classes;
    u2 classes[number_of_classes];

Code Example: Consider above example of Animal as sealed class and Cat and Dog as its permitted sub class. 
Here is the example where we can use sealed class in switch case

private static String checkAnimal(Animal animal){                                     
    return switch (animal) {                                                          
        case Cat c -> c.getIdentity();                                                
        case Dog d -> d.getIdentity();                                                
        default -> throw new IllegalArgumentException("Unexpected Input: " + animal); 
    };                                                                                
}


Frequently Asked Question:

Why Sealed Class is introduced in Java, what problem does it solves?
 
The purpose of sealed class is to have more control on sub-class / interface hierarchy. It provides a way to create hierarchy of classes and its sub-classes. It also solves the problem of using sealed class as Pattern Matching using switch case

What is the difference between sealed and final class?


Final class means no other class can extend it whereas sealed class means only permitted sub-class can extend it


What is the difference between sealed and abstract class?


Sealed class can be used along with abstract keyword and its a good idea because in most of the use-case sealed class is abstract and its permitted sub-class has actual implementation. for eg - Shape sealed class can have Rectangle, Triangle as its permitted sub-class and the actual implementation of its area, radius, circumference and diameter code is in its permitted sub-class


Friday 6 January 2023

5 Best Online Course to Learn Amazon Web Services AWS in 2023

Amazon Web Services (AWS) is undoubtedly the most popular Cloud Computing Services today that provides on-demand cloud computing platform. 


Why learning AWS is worthful?

AWS has around 1/3rd of market share which indicates its popularity and indirectly relates to more jobs opening for AWS Engineers as compared to other Clouds. So learning AWS is worthful for System Administrator as well as Developers / Architects.




I have filtered out Top 5 best online courses for AWS which you can opt for learning in 2023.




  • The course instructor is Stephane Maarek an AWS Certified Cloud Practitioner, Solutions Architect,Developer
  • 4.7 Instructor Rating|533,519 Reviews|1,752,022 Students|41 Courses
  • Best Selling Instructor, 9x AWS Certified, Kafka Guru
  • Stéphane is recognized as an AWS Hero and is an AWS Certified Solutions Architect 
  • Professional & AWS Certified DevOps Professional.

Requirements:
  • Know the basics of IT
  • No AWS Cloud experience is necessary, we'll use the AWS Free Tier
  • Windows / Linux / Mac OS X Machine

Beginners welcome: No need to know anything about AWS!
34 sections • 389 lectures • 27h 10m total length

Keypoints:
  • 30-Day Money-Back Guarantee
  • This course includes:
  • 27 hours on-demand video
  • 13 articles
  • 1 downloadable resource
  • 1 practice test
  • Full lifetime access




  • This course is instructed by Neal Davis | AWS Certified Solutions Architect & Developer
  • AWS Solutions Architect & AWS Certified Instructor
  • Instructor Rating 4.6 |106,791 Reviews |507,614 Students | 16 Courses
Requirements:
  • This course is designed for Cloud Computing beginners and AWS beginners
  • Absolutely no prior experience necessary
Key points:
  • 12 sections • 88 lectures • 6h 52m total length
  • 30-Day Money-Back Guarantee
  • 7 hours on-demand video
  • 2 articles
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of completion



  • This course is launched by BackSpace Academy and Paul Coady Cloud Technology Expert.
  • The fastest route to cloud certification.
  • BackSpace Academy is having 4.5 Instructor Rating 29,194 Reviews 403,020 Students 3 Courses and
  • Paul Coady is 4.5 Instructor Rating 21,868 Reviews 143,105 Students 1 course
  • BackSpace Academy is Providing accelerated learning programs taught by AWS professional level certified instructors since 2014. A unique approach that focusses on maximum results in the shortest possible time. Quality lecture videos reinforced with instructional and hands-on lab videos and, review tests.
  • Paul Coady is Highly experienced expert in cloud architecture design and deployment, not simply a certificate collector.Amazon Web Services Certified Professional. Providing a learn-by-doing approach produces students not only ready to pass an exam but also ready for employment. BackSpace Academy, the fastest route to cloud certification. Providing AWS Training since 2014 and still going strong.
What you'll learn
  • You will be fully prepared for the AWS Certified Solutions Architect Associate,
  •  AWS Certified Developer Associate and AWS Certified SysOps Administrator Associate
Requirements:
  • Basic understanding of computers and networking.
  • The student will require an AWS account to complete hands on labs sessions.
  • Windows, Linux or Mac PC to complete hands on labs sessions.

Key points:
  • 5 sections • 200 lectures • 45h 55m total length
  • 30-Day Money-Back Guarantee
  • 46 hours on-demand video
  • 7 articles
  • 41 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of completion



  • Very frequent batches
  • 4.5 Google Reviews |4.7 Trustpilot Reviews |4.5 G2 Reviews |4.4 Sitejabber Reviews
Key points:
  • Live Interactive Learning
  • World-Class Instructors
  • Expert-Led Mentoring Sessions
  • Instant doubt clearing
  • Lifetime Access
  • Course Access Never Expires
  • Free Access to Future Updates
  • Unlimited Access to Course Content
  • 24x7 Support
  • One-On-One Learning Assistance
  • Help Desk Support
  • Resolve Doubts in Real-time
  • Hands-On Project Based Learning
  • Industry-Relevant Projects
  • Course Demo Dataset & Files
  • Quizzes & Assignments
  • Industry Recognised Certification
  • Edureka Training Certificate
  • Graded Performance Certificate
  • Certificate of Completion

5. AWS Essentials (Udemy)


  • This course is designed by Amazon Web Services (AWS) is a subsidiary of Amazon.com
  • Amazon Web Services (AWS) 4.4 Instructor Rating | 24,888 Reviews | 123,221 Students |8 Courses
Keypoints:
  • 7 sections • 61 lectures • 3h 22m total length
  • 30-Day Money-Back Guarantee
  • 3.5 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of completion
Requirements
  • Fundamental understanding of IT, storage, databases, and networking.
Disclosure: This article may contain affiliate links. When you purchase, we may earn a small commission.

Thursday 15 August 2019

What is fishbucket in Splunk

Introduction

In this post we will learn what is fishbucket in Splunk but before that lets us understand what Splunk is and its purpose.
Splunk is used for monitoring, searching, analyzing the machine data in real time. The datasource can range from application data to user created data to sensors or devices.

Purpose of Splunk fishbucket

Before analyzing the data, Splunk index the data. The index is necessary to analyze the data. But here is the issue, what if the same data is indexed multiple times or in other words, how to avoid duplicate indexing the same chunk of data?
Splunk fishbucket keeps seek pointers and CRCs for the indexed files inside the directory. This directory is called fishbucket. Since through fishbucket we can know which data has already been indexed, so splunkd can tell if it has been read already and avoid duplicate indexing.


How fishbucket works?

File monitor processor searches the fishbucket to see if the CRC from the beginning of the file is already there or not. This is the first step of file monitor processor whenever it starts looking at a file. There can be three possible scenarios:
Scenario 1: If CRC is not present is fishbucket, the file is indexed as new. This is simple, file has never been indexed. After indexing, it stores CRC and seekpointer inside fishbucket.
Scenario 2: If CRC is present is fishbucket and seek pointer is same as current end of file , this means the file has already been indexed and has not been changed since last indexed. Seek pointer is used to check if there is change in file or not.
Scenario 3: If CRC is present is fishbucket and seek pointer is beyond the current end of file, this means something in the part of file which we have already read has been changed. Since we cannot know what has been changed, lets re-index the whole data again.
Location of fishbucket directory
All these CRCs and seek pointer is stored in location by default:
/opt/splunk/var/lib/splunk


Retention policy of fishbucket index

Via indexes.conf, we can change the retention policy of fishbucket index. This may be needed if we are indexing a lots of number of file. But we need to be careful when changing retention policy because if the file which has already been indexed but the CRCs and seek pointer got deleted due to change of retention policy, there is risk of same file getting indexed again.


Ways to track down a particular file when needed

If you need to know which file has been indexed and reindexed at which particular time, we can search all the events in the fishbucket associated with it by the file or source name. We can check seek pointer and mod time to know the required details.
We can also search fishbucket through GUI by searching for "index=_thefishbucket".

That's all for Splunk fishbucket. If you have any query, please mention in comment sections. Thanks.
Originally published at https://devopsrevisited.com

Related Articles:
You may also like:

Tuesday 13 August 2019

Introduction to DevOps on AWS

Introduction:

Amazon Web Services(AWS) is a cloud service from Amazon, which provides services in the form of building blocks, these building blocks can be used to create and deploy any type of application in the cloud.

It is a comprehensive, easy to use computing platform. The platform is developed with a combination of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings.

Advantages of AWS for DevOps

There are many benefits of using AWS for Devops:

Get Started Fast

Each AWS service is ready to use if you have an AWS account. There is
no setup required or software to install.

Fully Managed Services

These services can help you take advantage of AWS resources
quicker. You can worry less about setting up, installing, and operating infrastructure on your own. This lets you focus on your core product.

Built for scale

You can manage a single instance or scale to thousands using AWS
services. These services help you make the most of flexible compute resources by
simplifying provisioning, configuration, and scaling.

Programmable

You have the option to use each service via the AWS Command Line
Interface or through APIs and SDKs. You can also model and provision AWS resources
and your entire AWS infrastructure using declarative AWS CloudFormation templates.

Automation

AWS helps you use automation so you can build faster and more efficiently.
Using AWS services, you can automate manual tasks or processes such as deployments,
development & test workflows, container management, and configuration management.

Secure

Use AWS Identity and Access Management (IAM) to set user permissions and
policies. This gives you granular control over who can access your resources and how they
access those resources.

Buffer In Amazon Web Services

An Elastic Load Balancer ensures that the incoming traffic is distributed optimally across
various AWS instances.

A buffer will synchronize different components and makes the arrangement additional
elastic to a burst of load or traffic.

The components are prone to work in an unstable way of receiving and processing the
requests. The buffer creates the equilibrium linking various apparatus and crafts them effort at the identical rate to supply more rapid services.

Components of Amazon Web Services

Amazon S3

With this, one can retrieve the key information which are occupied in creating
cloud structural design and amount of produced information also can be stored in this
component that is the consequence of the key specified.

Amazon EC2 instance

Helpful to run a large distributed system on the Hadoop cluster.Automatic parallelization and job scheduling can be achieved by this component.

Amazon SQS

This component acts as a mediator between different controllers. Also worn
for cushioning requirements those are obtained by the manager of Amazon.

Amazon SimpleDB

Helps in storing the transitional position log and the errands executed
by the consumers.

How Spot instance different from an On-Demand instance or Reserved Instance

Spot Instance, On-Demand instance and Reserved Instances are all models for pricing.

Moving along, spot instances provide the ability for customers to purchase compute
capacity with no upfront commitment, at hourly rates usually lower than the On-Demand
rate in each region.

Spot instances are just like bidding, the bidding price is called Spot Price. The Spot Price
fluctuates based on supply and demand for instances, but customers will never pay more
than the maximum price they have specified.

If the Spot Price moves higher than a customer’s maximum price, the customer’s EC2
instance will be shut down automatically.

But the reverse is not true, if the Spot prices come down again, your EC2 instance will not
be launched automatically, one must do that manually.

In Spot and on demand instance, there is no commitment for the duration from the user
side, however in reserved instances one must stick to the time period that he has chosen.

Amazon Elastic Container Service (ECS)

Amazon Elastic Container Service (ECS) is a highly scalable, high performance container
management service that supports Docker containers and allows us to easily run
applications on a managed cluster of Amazon EC2 instances.

AWS Lambda in AWS DevOps

AWS Lambda lets us run code without provisioning or managing servers. With Lambda,
we can run code for virtually any type of application or backend service, all with zero
administration.

Just upload your code and Lambda takes care of everything required to run and scale your
code with high availability.

Amazon EC2 security best practices:

There are several best practices to secure Amazon EC2. A few of them are given below:

  • Use AWS Identity and Access Management (IAM) to control access to your AWS resources.
  • Restrict access by only allowing trusted hosts or networks to access ports on your
  • instance.
  • Review the rules in your security groups regularly, and ensure that you apply the
  • principle of least.
  • Privilege – only open up permissions that you require.
  • Disable password-based logins for instances launched from your AMI. Passwords can be found or cracked and are a security risk.

Friday 26 July 2019

Top 100 Splunk Interview questions and answers

In this article, we will see important Splunk Interview Questions and Answers.

Here are the top 100 interview questions and answers on Splunk

What is Splunk and its uses?
Splunk is a software used for monitoring, searching, analyzing the machine data in real time. The adata source can be web application, sensors, devices, or user created data.

What are the components of Splunk?
The components of Splunk are:
(a) search head - GUI for searching
(b) Forwarder - forward data to indexer
(c) indexer - index machine data
(d) Deployment server - Manages splunk components  in distributed environment.

Briefly describe how Splunk works?
Splunk works by collecting, parsing, indexing and analyzing data. Data is collected by the forwarder from the source and forwarder forward the data to the indexer. On data stored in the indexer the search head searches, visualizes, analyzes and performs various functions.

What is Splunk forwarder?
Splunk forwarder is used to forward data to indexer.

What are the advantages of Splunk forwarder?
Splunk forwarder can throttle bandwidth and provide an encrypted SSL connection for transferring data from forwarder to indexer.

What are the types of forwarder?
There are two types:
Universal Forwarder
Heavy Weight Forwarder

What is Universal Forwarder?
In Universal forwarder, splunk agent is installed on non-splunk system to gather data locally but it can't parse or index data

What is Heavy Weight Forwarder?
Heavy weight forwarder is the full instance of splunk with advance functionality and it works as remote controller as well as intermediate forwarder and data filter.

What is the advantage of Splunk over other similar tools?
Splunk is a single integrated tool for machine data. It does all the role starting from performing IT operation, analyzing machine logs with providing business intelligence. There can be other tools in market but Splunk is the only tool that provides end-to-end data operation. You might need 3-4 tools individually for what Splunk is doing as a single software.

What are the configuration files of Splunk?
props.conf
indexes.conf
inputs.conf
transforms.conf
server.conf

What are the different licenses in Splunk?
There are 6 type of licenses in Splunk
Enterprise license
Free license
Forwarder license
Beta license
Licenses for search heads 
Licenses for cluster members

What is the limitation of free license in Splunk?
In free license we cannot authenticate and schedule searches, distribute search, forwarding in TCP/ Http and deployment management

What is the use of License Master in Splunk?
License Master controls how much data size we can index in a day. For example if we have 200 GB license model, then we can only index 200 GB of data in a day. So we should have the license for the maximum data size we are getting.

Suppose due to some reason License Master is unreachable, will the indexing stop?
Data search will stop if License Master is not reachable, however data will continue to indexed. You will get a warning on web UI or search head that you have exceeded the indexing volume. The indexing will not stop.

What is the use of DB Connect in Splunk?
Its a plugin to connect to generic SQL database and integrate with it.

What is the command for boot-start enable and disable?
To enable Splunk to boot-start, the command is:
$SLUNK_HOME/bin/Splunk
To disable Splunk to boot-start, the command is:
$SPLUNK_HOME/bin/Splunk

What is summary index in Splunk?
To boost the reporting efficiency, Summary indexes are used. Basically it enables user to generate report after processing huge volume of machine data.

What are the different types of Summary Index?
There are two types:
Default Summary Index - It is used by Splunk Enterprise by default in case no other summary index are specified.
Additional Summary Index - To enable running varieties of reports, additional summary index is used.

What is the default field for events?
The five default fields are 
source, 
host, 
source type, 
index,
timestamp

How can we restart Splunk?
Splunk can be restarted from the Splunk Web. The steps are
1.Go to System, navigate to Server Controls.
2.Click on Restart Splunk.

How to search multiple ips in splunk?
Using lookup tables, we can search multiple IP addresses 

What is the most efficient way to filter events in splunk?
The most efficient way to filter events in Splunk is by time / duration.

How can we reset Splunk password?
To reset the password, access to the file where Splunk is running is necessary. Then perform the following steps:
Move $SPLUNK_HOME/etc/passwd file to $SPLUNK_HOME/etc/passwd.bak
Restart Splunk and log in with default username and password i.e. admin/changeme.
Reset the password and combine the password file with the backup file.

What is sourcetype?
Sourcetype in Splunk is a default data field.Sourcetype is the format of the data that shows its origin. for eg, take .evt files,  it originate from the event viewer. The classification of the incoming data can be done based on service, system, format and character code. The common source types are apache_error, websphere_core, apache_error and cisco_syslog.  What it does is processes and distributes incoming data into different events. 

How to use two sourcetypes in splunk? 
I would like to give usecase on how to search 2 sourcetpes in a lookup file
sourcetype=X OR sourcetype=Y | lookup country.csv
Using this code, sourcetypes X and Y can be searched in a lookup file.

What is kv store in splunk?
KV stands for key value that allows to store and obtain data inside Splunk. The KV store has the following functions:
(a) To manage a job queue.
(b) For storing metadata by the user.
(c) Analysing the workflow.
Storing the user application state required for handling a UI session. To store the results of the search queries in Splunk. Maintaining a list of environment assets and checkpoint data.

What is deployer in Splunk? 
A deployer is used to deploy configuration information and apps to the cluster head. The set of configuration details such as updates that the deployer sends is called configuration bundle. The deployer shares this bundle when a new cluster member joins the cluster. It handles the basic app configurations and user configurations. 
However, the latest states cannot be restored to the members of the cluster.

Which roles can create data models in Splunk?
Data models can be created through admin or power roles by the users. For other users, these models can only be created if they have the write access to the application. The permissions based on the roles determine whether a user can edit or view them.

When to use auto_high_volume in Splunk?
auto_high_volume is used when the indexes are of very high volume. A high volume index can get over 10GB of data.

What are the Splunk alternatives?
logstash, 
Loggly, 
Loglogic,
sumo logic

How to restart splunk webserver and daemon?
To restart webserver: splunk start splunkweb
To restart daemon: splunk start splunkd

How to clear Splunk search history?
we need to delete searches.log from this path
$splunk_home/var/log/splunk/searches.log

What is fishbucket in Splunk?
Its a directory or index at default location /opt/splunk/var/lib/splunk .It contains seek pointers and CRCs for the files you
are indexing, so splunkd can tell if it has read them already.We can access it through GUI by searching for  “index=_thefishbucket”

Which commands are used in the reporting results category?
  • Top 
  • Rare 
  • stats
  • Chart 
  • Timechart 

What is the use of stat command?
Stat reports data in tabular format and multiple fields is used to build table.

What is the use of chart command?
As name indicates, chart is used to display data in bar, line or area graph. It takes 2 fields to display chart.

What is the use of timechart?
Timechart is used to display data on timeline. It just takes 1 field as the other field is by default is time field.

How to disable the Splunk boot start?
$SPLUNK_HOME/bin/Splunkdisable boot-start

How to disable the Splunk launch message?
we can disable Splunk launch messabe by adding this in splunk_launch.conf
Set valueOFFENSIVE=Less in splunk_launch.conf

What is difference between Splunk app and Splunk Add-on?
Splunk app has GUI configuration whereas Splunk app doesnt have it (only command line)

In Splunk cluster, how to offline a peer?
Using command Splunk offline, we can offline a peer

What are the different categories in SPL command?
SPL command has five major categories:
Sorting Results, Filtering Results, Grouping Results, Filtering, Modifying and Adding Fields and Reporting Results.

How to specify minimum disk usage in splunk
Using the following commands we can set minimum disk usage:
/opt/splunk/bin/splunk set minfreemb = 20000
It requires restart, so
/opt/splunk/bin/splunk restart

Do you know what is SOS in context of Splunk?
Yes, SOS stands for Splunk on Splunk. Its a type of splunk app which provides graphical interface of Splunk performance and issues.

What does Lookup commands do?
It adds fields based while identifying the value in the event, referencing a lookup table and while adding up the fields in the matching rows in the lookup table of the event. 

What does input lookup command do?
It returns the whole lookup table as the search results.

What does the output lookup command do?
It outputs the current search results to a lookup table on the disk.

What does the sort command do in Splunk?
As name explains, it sorts the search results by the use of specified fields.
Here is the syntax:
Sort[<count>] <sort-by-clause>... [desc]

What is transaction Command and how does it works?
The transaction command is helpful in  two specific scenarios:
As we know, unique id (from one or more fields) alone is not enough to differentiate between two transactions. This might be the use case when the identifier is reused, for example web sessions identified by cookie/client IP. In this scenario, time span or pauses are also used to segment the data into transactions. In other cases when an identifier is reused, say in DHCP logs, a particular message may identify the beginning or end of a transaction. When it is desirable to see the raw text of the events combined rather than analysis on the constituent fields of the events.

How To Troubleshoot Splunk Performance Issues ?
Well, we can start from here: First I would like to check splunkd.log to trace any error. If all is fine then I will check server / vm performance issue (i.e. cpu / memory / storage IO etc) and lastly install Splunk on Splunk which provides GUI where we can check any performance issues.

How to create a new app from template in Splunk?
Go to dir /opt/splunk/bin/splunk 
create app New_App -template app1

What Is Dispatch Directory ?
$SPLUNK_HOME/var/run/splunk/dispatch contains a directory for each search that is running or has completed. For example, a directory named 1434308973.367 will contain a CSV file of its search results, a search.log with details about the search execution, and other stuff. Using the defaults (which you can override in limits.conf), these directories will be deleted 10 minutes after the search completes – unless the user saves the search results, in which case the results will be deleted after 7 days. 

What Is Difference Between Search Head Pooling And Search Head Clustering?
Both are features provided splunk for high availability of splunk search head in case any one search head goes down.Search head cluster is newly introduced and search head pooling will be removed in next upcoming versions.Search head cluster is managed by captain and captain controls its slaves.Search head cluster is more reliable and efficient than search head pooling.

What is null queue in Splunk?
Null queue used to trim out all the data that is unwanted.

List different types of search modes supported in splunk?
There are three modes:
  • Fast mode
  • Smart mode
  • Verbose mode

What is btool in Splunk?
Splunk btool is a command line tool to troubleshoot configuration file issues. It is also used to  see what values are being used by your Splunk Enterprise installation in existing environment.

How to use btool?
Command: /opt/splunk/bin/splunk btool input list

How to rollback your splunk web configuration bundle to last version?
Here is the command
/opt/splunk/bin/splunk rollback cluster-bundle

How to change port in Splunk?
/opt/splunk/bin/splunkset web-port <port_number>

What Is Map-reduce Algorithm?
Map-reduce algorithm is inspired by map and reduce funtionality and used for batch based large scale parallelization.

Where does Splunk default configuration file located?
Default configuration file is located in  $Splunkhome/etc/system/default

What is lookup command used for?
Lookup command is used for referencing fields from an external csv file that matches fields in your event data.

How Splunk Avoids Duplicate Indexing Of Logs ?
This is done by keeping track of indexed events in a directory called fish buckets and contains seek pointers and CRCs for indexed files. This way it can check whether it has been indexed or not and avoid duplicate index.

That's all for Splunk Interview questions with answers. If you have any questions, please mention in comments. Thanks!!!

Related Articles:
You may also like:

Saturday 13 July 2019

Introduction to Docker Compose

In this post, we will see how to manager multiple container lifecycle using docker-compose. Let us understand what is docker compose.

Introduction

Docker compose is a tool provided by docker to manage multiple containers within a single host. So in case you want to create / start  / stop/ remove / scale up / scale down multiple containers from a single command, docker compose comes handy. But if you are looking for managing multiple containers within multiple host, consider using docker swarm / kubernetes. Docker compose manages container lifecycle within a single host. If your containerized application is hosted on multiple node in non-clustered mode, then you need to use another copy of docker-compose on another host. However I would suggest to look for docker swarm or kubernetes for that to manage it from single point.

What docker compose can do for you?

Docker compose can automate your container deployment, re-deployment, undeployment. It is not a tool to solely create docker image (docker build used to create docker image)

Installation of Docker Compose
If you are using Windows or Mac, docker compose is already installed as it comes in Docker toolbox. But in case of Linux, We need to first install docker compose.

YAML Configuration file
Docker compose provides a configuration file docker-compose.yml where in we need to write yaml script to manager container lifecycle.  Here is the simple example of docker-compose.yml with instruction

Docker-compose Example
Docker Compose Example

Let me explain further on it.
version : It indicates compose version number
services: This indicates docker-compose that below is the list of services that needs to be containerized
<service-name>: Name of the service for reference purpose
build: Path to docker file from where image to be build to be used to create container
ports: port mapping from host to container
volumes: volume mapping from host to container
image: image name to be used to create container

Docker compose commands:

So you now have docker-compose.yml and want to manage lifecycle of containers through it. We can create, start, stop, destroy, scale using the same docker-compose.yml file. 
Here is the list of commands:
  • docker-compose up - It creates container (if required) and also run the container. Use it with this option ( -d ) to run this daemon in background
  • docker-compose down - Just opposite of up command, it stops all the containers and also removes them.
  • docker-compose start - It starts the container. Please note that if the container does not exist, it will not create a new container. It just starts the stopped container listed in docker-compose.yml
  • docker-compose stop - It stops the running container. It goes through each service mentioned in docker-compose.yml and tries to stop the started container.
  • docker-compose rm - It deletes the stopped container. use it with -f to force delete the container.
  • docker-compose scale - It set the number of containers per service. We can both scale up and scale down the number of containers per service using the same command
  • docker-compose exec - It run the command inside the container. You need to pass container id along with command. For eg. docker-compose exec -i <container_id> ls / home
  • docker-compose pause - It pause the services. This is different from stop in the way that it is like sleeping for sometime and when resume it continues from the point where it is paused. Stop service will kill the container running thread and it will start from the scratch. For example, you have application that prints 2 line of statement. if you pause after printing first line of statement, unpause will continue from there and it will print the second line. In case of stop after first line and restart, it will again print both first and second line of statement
  • docker-compose unpause - Resumes the paused services.
  • docker-compose port - It prints the public port for port binding
  • docker-compose build - It build or rebuild services
  • docker-compose bundle - It generates a docker bundle from compose file
  • docker-compose config - It validates the docker compose file
  • docker-compose create - It creates the services
  • docker-compose images - It list the docker images
  • docker-compose logs - View container output
  • docker-compose top - It views the running container
  • docker-compose version - It displays the version of docker compose installed on the host
  • docker-compose help - It gets help on a command
Thats all for short introduction to docker compose. If you are using Ansible, you can manage containers lifecycle using docker_compose module. For any query, please mention in comments section. Thanks!!